Product Security Engineer – DeFi

4+ years in application/product security, with strong exposure to DeFi protocols and markets. Expertise in smart contract security (Solidity, EVM internals, known attack classes). Experience with threat modeling and secure design reviews. Familiarity with DeFi primitives (AMMs, lending, oracles, governance, bridges). Understanding of cryptography, key management, and wallet security. Strong ability to articulate risks and propose secure alternatives.

Review DeFi strategies, protocol designs, and smart contracts for security risks and failure modes. Evaluate markets-related activities (e.g., liquidity provision, governance, cross-protocol integrations) for systemic vulnerabilities. Provide secure design input for new features and applications. Identify and mitigate threats including reentrancy, oracle manipulation, flash loan exploits, MEV, and governance exploits. Advance application security initiatives: Threat modeling and design reviews, Data security and access control design, Identity and access management (IAM), SDLC improvements and developer enablement. Collaborate with external auditors and internal stakeholders to validate findings and track remediation.